bigip_user - Manage user accounts and user attributes on a BIG-IP.

New in version 2.4.

Synopsis

  • Manage user accounts and user attributes on a BIG-IP.

Requirements (on host that executes module)

  • f5-sdk

Options

full_name
  required: no
  Full name of the user.

partition_access
  required: no
  default: None
  Specifies the administrative partition to which the user has access. partition_access is required when creating a new account. Should be in the form "partition:role". Valid roles include acceleration-policy-editor, admin, application-editor, auditor, certificate-manager, guest, irule-manager, manager, no-access, operator, resource-admin, user-manager, web-application-security-administrator, and web-application-security-editor. The partition portion of the tuple should be an existing partition or the value 'all'.

password
  required: yes
  The password for the user account used to connect to the BIG-IP. This option can be omitted if the environment variable F5_PASSWORD is set.

password_credential
  required: no
  default: None
  Set the user's password to this unencrypted value. password_credential is required when creating a new account.

server
  required: yes
  The BIG-IP host. This option can be omitted if the environment variable F5_SERVER is set.

server_port (added in 2.2)
  required: no
  default: 443
  The BIG-IP server port. This option can be omitted if the environment variable F5_SERVER_PORT is set.

shell
  required: no
  default: None
  choices: bash, none, tmsh
  Optionally set the user's shell.

state
  required: no
  default: present
  choices: present, absent
  Whether the account should exist or not, taking action if the state is different from what is stated.

update_password
  required: no
  default: on_create
  choices: always, on_create
  always allows passwords to be updated if the user chooses to do so. on_create only sets the password for newly created users.

user
  required: yes
  The username to connect to the BIG-IP with. This user must have administrative privileges on the device. This option can be omitted if the environment variable F5_USER is set.

username_credential
  required: yes
  aliases: name
  Name of the user to create, remove or modify.

validate_certs (added in 2.0)
  required: no
  default: True
  choices: True, False
  If no, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. This option can be omitted if the environment variable F5_VALIDATE_CERTS is set.

Examples

- name: Add the user 'johnd' as an admin
  bigip_user:
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      username_credential: "johnd"
      password_credential: "password"
      full_name: "John Doe"
      partition_access: "all:admin"
      update_password: "on_create"
      state: "present"
  delegate_to: localhost

- name: Change the user "johnd's" role and shell
  bigip_user:
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      username_credential: "johnd"
      partition_access: "NewPartition:manager"
      shell: "tmsh"
      state: "present"
  delegate_to: localhost

- name: Make the user 'johnd' an admin and set to advanced shell
  bigip_user:
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      name: "johnd"
      partition_access: "all:admin"
      shell: "bash"
      state: "present"
  delegate_to: localhost

- name: Remove the user 'johnd'
  bigip_user:
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      name: "johnd"
      state: "absent"
  delegate_to: localhost

- name: Update password
  bigip_user:
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      state: "present"
      username_credential: "johnd"
      password_credential: "newsupersecretpassword"
  delegate_to: localhost

# Note that the second time this task runs, it would fail because
# the password has been changed. Therefore, it is recommended that
# you do one of the following:
#
#   * Put this in its own playbook that you run when you need to
#   * Put this task in a `block`
#   * Include `ignore_errors` on this task
- name: Change the Admin password
  bigip_user:
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      state: "present"
      username_credential: "admin"
      password_credential: "NewSecretPassword"
  delegate_to: localhost
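
The examples above write the connection password and the account password as literals in the playbook. The following added example (not part of the Ansible documentation) makes the same kind of call with both secrets read from an Ansible Vault-encrypted variables file, certificate validation enabled, and a read-only role with no shell. The variable names, the vars file path and the account name svc_audit are assumptions made for illustration.

```yaml
# Added example, not from the module documentation.
# Assumed (hypothetical) variables, stored in a file encrypted with
# ansible-vault:
#   vault_bigip_admin_password - password of the connecting admin account
#   vault_auditor_password     - initial password for the new account
- name: Create a read-only BIG-IP account without plaintext secrets
  hosts: localhost
  gather_facts: false
  vars_files:
    - vault/bigip.yml            # hypothetical path to the vaulted vars file
  tasks:
    - name: Add the auditor account 'svc_audit' with no shell access
      bigip_user:
        server: "lb.mydomain.com"
        user: "admin"
        password: "{{ vault_bigip_admin_password }}"
        validate_certs: true     # keep TLS certificate validation on
        username_credential: "svc_audit"   # constructed sample account name
        password_credential: "{{ vault_auditor_password }}"
        full_name: "Audit Service Account"
        partition_access: "all:auditor"    # read-only role from the list above
        shell: "none"
        update_password: "on_create"       # do not reset the password on reruns
        state: "present"
      no_log: true               # keep task arguments and results out of logs
```

Run the play with --ask-vault-pass or --vault-password-file so the vaulted variables can be decrypted.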

Return Values

Common return values are documented under Return Values; the following fields are unique to this module:

shell
  description: The shell assigned to the user account
  returned: changed and success
  type: string
  sample: tmsh

full_name
  description: Full name of the user
  returned: changed and success
  type: string
  sample: John Doe

partition_access
  description: List of strings containing the user's roles and which partitions they are applied to. They are specified in the form "partition:role".
  returned: changed and success
  type: list
  sample: ['all:admin']

Notes

  • Requires the requests Python package on the host. This is as easy as pip install requests.
  • Requires BIG-IP versions >= 12.0.0

Status

This module is flagged as preview, which means that it is not guaranteed to have a backwards-compatible interface.

Support

This module is community maintained without core committer oversight.

For more information on what this means, please read Module Support.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2017 Michael DeHaan
© 2017 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/bigip_user_module.html